Glossary Term

Step-up Authentication

Step-up Authentication is an additional step in a login or authentication workflow in which a user is asked to provide additional confirmation of their identity.

Step-up authentication is generally used when the results of an initial authentication attempt are either uncertain or rejected, and provides a further opportunity for the user to prove their identity using an identity factor that they have not yet provided.

For example, if a user logging in to a Plurilock ADAPT-enabled workflow is able to provide the correct username and password, yet their identity score falls slightly below the configured threshold for a positive decision, they may be prompted to provide step-up authentication in the form of an SMS code or an email link click. If they are able to provide this further proof of their identity, they may then be logged in.

Step-up authentication enables administrators to manage boundary cases in authentication without the need for manual intervention and without having to unnecessarily exclude legitimate users. Less positively, however, step-up authentication represents an additional workflow step that may drive user frustration or harm user productivity, This drawback is a key factor in the adoption of Plurilock products, which reduce instances of step-up authentication by over 90 percent.

2FA/MFA Rapid Reference

Authentication at a glance

Download the 2FA/MFA Rapid Reference now:

  • 2FA and MFA basics and common solutions
  • The benefits and drawbacks of each
  • Glossary of authentication terms


2FA/MFA Rapid Reference

  • 2FA and MFA basics and common solutions
  • The benefits and drawbacks of each
  • Glossary of authentication terms
Save PDF  



2020 Authentication Guide

Summary of authentication recommendations from major standards bodies, plus Plurilock’s own recommendations.

White Paper: Advanced Authentication

The state of authentication today—and why you need Plurilock products.

Understanding MFA vs. Privacy

Is multi-factor authentication always good for privacy? See why it isn't, and which strategies make the grade.

Behavioral Biometrics Guide

The definitive guide to behavioral biometrics, a core Plurilock technology.

Stay informed. Join our low-volume mailing list for Plurilock and cybersecurity news and updates.


Plurilock is the leader in advanced, risk-based authentication. We provide invisible, device-free MFA for corporate endpoints, Citrix sessions, cloud applications, and their users in finance, healthcare, education, and SaaS.



Contact Plurilock

Have a question or comment? 

Plurilock Lead Capture Block

Welcome to Plurilock!

We’d love to hear about your interest in our products.


Okay, cool.

We'd like to provide you with more info. How can we reach you?

Enter your email above to agree to receive commercial electronic communication from Plurilock via email.


Someone from Plurilock will get in touch with you soon.
In the meantime, learn more about our ADAPT and DEFEND products—and be sure to check out our Blog for in-depth cybersecurity coverage.